http://www.tuutao.com/index.php (Tuutao) is built on the ECMall site template, so every site using this template should be affected in the same way. There is an SQL injection in the search box. Injection point: http://www.tuutao.com/index.php?app=store&act=search&id=45&keyword=aaa&min_price=100&max_price=10000. The parameters are first read from GET and then assembled into the WHERE condition of an SQL query: 1. In search.app.php, this code builds the SQL condition for the minimum and maximum price without any filtering:
/**
 * Obtain the query condition statement
 *
 * @param array $param query parameters (see the return value of _get_query_param)
 * @return string WHERE statement
 */
function _get_goods_conditions($param)
{
    /* Compose the query condition */
    $conditions = "g.if_show = 1 AND g.closed = 0 AND s.state = 1"; // goods on the shelf, not banned, store enabled
    if (isset($param['keyword']))
    {
        $conditions .= $this->_get_conditions_by_keyword($param['keyword'], ENABLE_SEARCH_CACHE);
    }
    if (isset($param['cate_id']))
    {
        $conditions .= " AND g.cate_id_{$param['lay']} = '" . $param['cate_id'] . "'";
    }
    if (isset($param['brand']))
    {
        $conditions .= " AND g.brand = '" . $param['brand'] . "'";
    }
    if (isset($param['region_id']))
    {
        $conditions .= " AND s.region_id = '" . $param['region_id'] . "'";
    }
    if (isset($param['price']))
    {
        $min = $param['price']['min'];
        $max = $param['price']['max'];
        // min/max are interpolated into the SQL string exactly as received
        $min > 0 && $conditions .= " AND g.price >= '$min'";
        $max > 0 && $conditions .= " AND g.price <= '$max'";
    }

    return $conditions;
}
2. The following code is the query execution part; it passes the condition string built above straight into the query:
/* Price statistics */
if ($total_count > NUM_PER_PAGE)
{
    $sql = "SELECT MIN(g.price) AS min, MAX(g.price) AS max FROM {$table} WHERE " . $conditions;
    $row = $goods_mod->getRow($sql);
    $min = $row['min'];
    $max = min($row['max'], MAX_STAT_PRICE);
    $step = max(ceil(($max - $min) / PRICE_INTERVAL_NUM), MIN_STAT_STEP);
    $sql = "SELECT FLOOR((g.price - '$min') / '$step') AS i, COUNT(*) AS count FROM {$table} WHERE " . $conditions . " GROUP BY i ORDER BY i";
    $res = $goods_mod->db->query($sql);
    while ($row = $goods_mod->db->fetchRow($res))
    {
        $data['by_price'][] = array(
            'count' => $row['count'],
            'min'   => $min + $row['i'] * $step,
            'max'   => $min + ($row['i'] + 1) * $step,
        );
    }
}
3. Many parameters on this page are not filtered. Checking the database:
available databases [2]:
[*] information_schema
[*] tuutao
current user: 'tuutao_u@localhost'
Tables in the tuutao database:
Database: tuutao [84 tables]
Solution: filter all input parameters before they are used in SQL.
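As an added example (not ECMall's or this report's own code), a filtered version of the condition builder: every request value is given a type before it is concatenated, so the price parameters from the URL above cannot carry SQL text into the query. get_query_param, get_goods_conditions and the $escape callable are assumed names, and addslashes is only a stand-in for the database driver's escaper.

```php
<?php
// Added example, not ECMall's own code: a filtered version of the condition
// builder from search.app.php. Aliases g. (goods) and s. (store) follow the
// page's snippet; get_query_param and $escape are assumed names.

// Give every request value a type before it can reach the SQL string.
function get_query_param(array $get): array
{
    $param = [];
    if (isset($get['cate_id'])) {
        $param['cate_id'] = (int) $get['cate_id'];            // ids are integers
    }
    if (isset($get['brand'])) {
        $param['brand'] = substr(trim($get['brand']), 0, 60); // string, escaped below
    }
    // (float) keeps only the leading numeric prefix, so "10000' OR 1=1" becomes 10000.0
    $min = isset($get['min_price']) ? (float) $get['min_price'] : 0.0;
    $max = isset($get['max_price']) ? (float) $get['max_price'] : 0.0;
    if ($min > 0 || $max > 0) {
        $param['price'] = ['min' => $min, 'max' => $max];
    }
    return $param;
}

// $escape stands in for the driver's escaper (e.g. mysqli::real_escape_string).
function get_goods_conditions(array $param, callable $escape): string
{
    $conditions = "g.if_show = 1 AND g.closed = 0 AND s.state = 1";
    if (isset($param['cate_id'])) {
        $conditions .= sprintf(" AND g.cate_id = %d", $param['cate_id']);
    }
    if (isset($param['brand'])) {
        $conditions .= " AND g.brand = '" . $escape($param['brand']) . "'";
    }
    if (isset($param['price'])) {
        // %.2F re-serialises the float; no attacker text survives the round trip
        if ($param['price']['min'] > 0) {
            $conditions .= sprintf(" AND g.price >= %.2F", $param['price']['min']);
        }
        if ($param['price']['max'] > 0) {
            $conditions .= sprintf(" AND g.price <= %.2F", $param['price']['max']);
        }
    }
    return $conditions;
}

// Constructed request mimicking the page's URL, with SQL text in max_price and a quote in brand.
$get = ['min_price' => '100', 'max_price' => "10000' OR 1=1 -- ", 'brand' => "O'Neil"];
echo get_goods_conditions(get_query_param($get), 'addslashes'), "\n"; // addslashes: demo stand-in only
```

In production, binding the price bounds as prepared-statement parameters is the stronger form of the same fix; the cast-before-concatenate pattern is shown because it drops into ECMall's string-built conditions without restructuring the query code.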